Slashdot Mirror


Virus Piggybacks Microsoft Mail Worm

metacell writes "A virus (a version of the Chernobyl virus) infects an email worm executable (the Klez worm), and is spread along with it." It's a damn good *delete* thing that Microsoft has been *delete* spending the last few weeks doing a *delete* security audit *delete* of all of *delete* ah never mind. My wrist hurts from deleting over a meg of mail worm viruses a day.

5 of 534 comments

  1. Re:My wrist hurts, blah, blah, blah... by bigberk · · Score: 4, Informative

    For anyone interested, this is all you need by way of procmail filter in order to never see any of this crap (kills executable attachments).

    # B flag: test the conditions against the message body, where MIME part headers appear
    :0 B
    *^Content-Type: (application|audio)
    *^.*name=.*\.(vb[esx]|jse?|ws[hf]|c[ho]m|bat|cmd|shb|hta|exe|lnk|pif|scr|shs)
    /dev/null
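
An added Python example (not bigberk's code and not part of the original thread): the same extension list applied to each MIME part's decoded filename instead of to raw body lines, so an RFC 2231 percent-encoded name is checked as well. Unlike the recipe, it does not restrict the check to application/audio parts; the function name and the sample message are constructed for illustration.

```python
import re
from email import message_from_string, policy

# Same extension list as the procmail recipe, anchored to the end of the name.
BLOCKED = re.compile(
    r"\.(vb[esx]|jse?|ws[hf]|c[ho]m|bat|cmd|shb|hta|exe|lnk|pif|scr|shs)$",
    re.IGNORECASE)

def blocked_attachments(raw):
    """Return decoded filenames of MIME parts whose final extension is blocked."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # decoded filename= or name= parameter
        # Drop trailing dots/spaces before testing the final extension.
        if name and BLOCKED.search(name.strip().rstrip(". ")):
            hits.append(name)
    return hits

# Constructed sample message (not from the original page).
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: audio/x-wav; name="whatever.scr"

AAAA
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename*=utf-8''invoice%2Eexe

AAAA
--XX
Content-Type: application/msword
Content-Disposition: attachment; filename="report.doc"

AAAA
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="notes.doc.js"

AAAA
--XX--
"""

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE))
```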

  2. Re:Options? by Izeickl · · Score: 4, Informative

    The Bat of course, seriously, check this mail client out, it has all the features you could want... Includes PGP encryption as standard too. I use The Bat all the time.

  3. Re:Options? by Will_TA · · Score: 5, Informative

    Options away from Outlook? In Windows my university uses Pegasus, my favorite is Balsa (Linux/X Windows), Pine ('nix/Cmd Line) or Eudora (Winblows)

  4. Re:Options? by RazzleFrog · · Score: 5, Informative

    How about you just educate yourself and your coworkers instead? Email viruses are not just about the program used - they are also about ignorance. Here is a hint to get you started:

    1) Apply all security patches from Microsoft.

    I was just interrupted as I was typing this by a coworker asking me about a virus (talk about synchronicity). We don't use Outlook and she wasn't infected but she printed out the email and showed it to me. Sure enough - whatever.scr. I told her to delete it immediately.

    Why did she ask me first and not print it? Because we have a policy here - which brings me to point 2:

    2) Don't open anything that isn't work related.
    3) All computers show all extensions on files.
    4) Only open files that you expected with .xls or .doc extensions only (no .doc.js, etc.).
    5) If you get anything else - then ask me or somebody else informed about the latest viruses.
    6) When in doubt, call the sender and ask if they intended to send the email.

    With all of these in place, when a virus is sent to one of our employees it does not propagate.

    I leave you with this thought. A few weeks ago somebody in another department received an email warning about a virus going around. The email said to email this warning to EVERYBODY IN YOUR ADDRESS BOOK. One of my coworkers received the email and asked me about it. Of course it was a hoax and I wrote an email back to the original sender telling her that she basically just sent out a manual email. If everybody sent out that email to everybody in their address book it would be a disaster. The moral of the story - ignorance is the worst virus.

  5. Re:What can Microsoft do? by sheldon · · Score: 3, Informative

    First of all... AmigaOS free of virii? Huh? I encountered a lot of boot sector viruses back in those days. Oh, and my favorite was the arguments about the virus that supposedly embedded itself in A500 memory expansion clock.

    Now as far as what Microsoft can do, let's look at your list and what they have done.

    10. Done. New versions of Outlook by default disable scripting.
    9. Windows XP automatically downloads security patches. This functionality should be extended to universally cover Office and other products as well.
    8. Done. New versions of Outlook by default will warn a user if an external app is trying to use it to send email, and further warn if it's being used rapidly.
    7. Pretty much done with WinXP. There are a few settings relating to domain authentication that can be strengthened by default. I think they are not because it would cause connectivity issues with older NT domains.
    6. That would be virus protection and step on third parties like Norton and McAfee.
    5. That's not Microsoft's responsibility.
    4. Again virus protection.
    3. Again virus protection.
    2. Done. This is part of the Active Directory integration.
    1. Process auditing has been part of NT since the very beginning. What you want is reporting on that, and I don't think you fully appreciate just how big of a task this would be. This functionality is really only useful in more secure DoD installations because of the scope.